CERN Computing Seminar

Vulnerability Assessment and Secure Coding Practices for Middleware

by Prof. Barton P. Miller (U. Wisconsin), Dr Elisa Heymann (UAB)

Europe/Zurich
IT Auditorium (CERN)

Description

Security is crucial in the software that we develop and use. This tutorial is relevant to anyone wanting to learn about assessing software for security flaws and for developers wishing to minimize security flaws in software they develop. We share our experience in vulnerability assessment of grid middleware. You will learn skills critical for developers and analysts concerned about software security, and the importance of independent vulnerability assessment.

The first part of this tutorial covers a process to actively discover vulnerabilities. We show how to gather information about a system and how to use this to direct the search for vulnerabilities, and how to integrate this into the development cycle.

The second part of this tutorial examines coding practices to prevent vulnerabilities by describing many types of vulnerabilities, with examples of how they commonly arise and techniques to prevent them. Most examples are in C and C++.

About the speakers

Barton Miller

Barton Miller is Professor of Computer Sciences at the University of Wisconsin, Madison. He directs the Paradyn Tool project, which is investigating binary code instrumentation and analysis technologies for high performance computing and cyber-security applications. He also directs the MIST vulnerability assessment project in collaboration with the Autonomous University of Barcelona. Miller has published widely in the top computer security and high performance computing conferences. He founded the field of fuzz testing, widely used in the software engineering and computer security fields.

Miller co-chaired the Supercomputing 2008 Technical Program Tutorials, and is co-chair of the upcoming 2010 Dagstuhl Seminar on Program Development for Extreme-Scale Computing. Miller has been on the editorial boards of IEEE Transactions on Parallel and Distributed Systems, the International Journal of Parallel Processing, Concurrency and Computation Practice and Experience, and Computing Systems.

Miller is the chair of the IDA Center for Computing Sciences Program Review Committee, has been on the Los Alamos National Laboratory Computing Communications and Networking Division Review Committee, U.S. Secret Service Electronic Crimes Task Force (Chicago Area), and the Advisory Board for the International Summer Institute on Parallel Computer Architectures, Languages, and Algorithms in Prague.

Miller received his Ph.D. degree in Computer Science from the University of California, Berkeley in 1984. He is a Fellow of the ACM.

Elisa Heymann

Elisa Heymann is Associate Professor of operating systems at the Universidad Autonoma of Barcelona (Spain). She attained her B.S. degree in computer science in 1992 at the University Simon Bolivar (Venezuela), and her MSc and PhD degrees from the University Autonoma of Barcelona in 1995 and 2001, respectively. Her research interests are in the areas of resource management in distributed systems, middleware for distributed and grid systems, and computer security. She has participated in several research projects related to the development of management strategies for parallel applications in distributed environments and to vulnerability assessment for middleware.

She is author or co-author of a significant number of papers in scientific journals and symposiums.


Organised by: S. Lueders / IT-Computer Security and Miguel Angel Marquina / IT Department
CERN Computing Seminars and Colloquia
